Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

http: add support for client certificates #1152

Merged
merged 1 commit into from
Mar 15, 2023
Merged

http: add support for client certificates #1152

merged 1 commit into from
Mar 15, 2023

Conversation

mjcheetham
Copy link
Collaborator

@mjcheetham mjcheetham commented Mar 14, 2023
edited
Loading

Add support for automatically sending client TLS certificates using the Git configuration setting 'http.sslAutoClientCert'.

This setting is currently only present in Git for Windows, and there is only respected when the SSL backend is "schannel".

Fixes #369

@mjcheetham mjcheetham added enhancement New feature or request network Related to networking (VPN, TCP/IP, etc) labels Mar 14, 2023
@mjcheetham mjcheetham requested a review from ldennington March 14, 2023 22:39
@mjcheetham mjcheetham marked this pull request as ready for review March 14, 2023 22:39
mjcheetham
mjcheetham commented Mar 15, 2023
View reviewed changes
src/shared/Core/Settings.cs Outdated
@@ -563,6 +568,9 @@ public bool IsCertificateVerificationEnabled
}
}

public bool AutomaticallyUseClientCertificates =>
!TryGetSetting(null, KnownGitCfg.Credential.SectionName, KnownGitCfg.Http.SslAutoClientCert, out string value) && value.ToBooleanyOrDefault(false);
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just noticed a small logic bug here..

Suggested change
!TryGetSetting(null, KnownGitCfg.Credential.SectionName, KnownGitCfg.Http.SslAutoClientCert, out string value) && value.ToBooleanyOrDefault(false);
TryGetSetting(null, KnownGitCfg.Credential.SectionName, KnownGitCfg.Http.SslAutoClientCert, out string value) && value.ToBooleanyOrDefault(false);

If there is no setting available we should return false!

@mjcheetham
http: add support for client certificates
240ba5d 
Add support for automatically sending client TLS certificates using the
Git configuration setting 'http.sslAutoClientCert'.

This setting is currently only present in Git for Windows, and there is
only respected when the SSL backend is "schannel".
@mjcheetham mjcheetham merged commit 9f1b048 into git-ecosystem:main Mar 15, 2023
@mjcheetham mjcheetham mentioned this pull request Mar 15, 2023
Closed
@mjcheetham mjcheetham mentioned this pull request May 2, 2023
Merged
mjcheetham added a commit that referenced this pull request May 2, 2023
@mjcheetham
Create GCM 2.1.0 release (#1235)
32fef9d 
**Changes:**

- Support ports in URL-scoped config (#825)
- Support URL-scoped enterprise default settings (#1149)
- Add support for client TLS certificates (#1152)
- Add TRACE2 support(#1131, #1151, #1156, #1162)
- Better browser detection inside of WSL (#1148)
- Handle expired OAuth refresh token for generic auth (#1196)
- Target *-latest runner images in CI workflow (#1178)
- Various bug fixes:
  - Ensure we create a WindowsProcessManager on Windows (#1146)
  - Ensure we start child processes created with ProcessManager (#1177)
  - Fix app path name of Windows dropping file extension (#1181)
  - Ensure we init IEnvironment before SessionManager (#1167)
  - git: consistently read from stdout before exit wait (#1136)
  - trace2: guard against null pipe client in dispose (#1135)
- Make Avalonia UI the default Windows and move to in-process (#1207)
- Add Git configuration options for trace & debug (#1228)
- Transition from Nerdbank.GitVersioning to a version file (#1231)
- Add support for using the current Windows user for WAM on DevBox
(#1197)
- Various documentation updates:
  - org-rename: update references to GitCredentialManager (#1141)
  - issue templates: remove core suffix (#1180)
  - readme: add link to project roadmap (#1204)
  - docs: add bitbucket app password requirements (#1213)
  - .net tool: clarify install instructions (#1126)
  - docs: call out different GCM install paths in WSL docs (#1168)
  - docs: add trace2 to config/env documentation (#1230)
@mjcheetham mjcheetham deleted the client-cert branch July 10, 2023 23:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@derrickstolee derrickstolee derrickstolee approved these changes

@ldennington ldennington Awaiting requested review from ldennington

Assignees
No one assigned
Labels
enhancement New feature or request network Related to networking (VPN, TCP/IP, etc)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Git Credential Manager Core doesn't support TLS client certificates
2 participants
@mjcheetham @derrickstolee